token-optimizer

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill implements Retrieval-Augmented Generation (RAG) through its 'Session Transcript Indexing' and 'Local RAG' workflows, creating a surface for indirect prompt injection. Untrusted data from conversation logs can be indexed and later retrieved into the agent context. Evidence:
      1. Ingestion points: ~/.openclaw/sessions/*.jsonl (Workflow 4) and memory/ files (Workflow 3).
      2. Boundary markers: Absent.
      3. Capability inventory: Instructs the use of memory_search and memory_get tools to process indexed data.
      4. Sanitization: No sanitization or validation of the indexed content is specified.
  • [COMMAND_EXECUTION] (SAFE): The file scripts/check-optimization.sh is a shell script designed for local diagnostics. It performs read-only checks on the agent configuration file and does not execute untrusted commands or external code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 02:42 PM